Browse Site by Tags - MSMVPS.COM

UAC - The Emperor's New Clothes

I heard a complaint the other day about UAC - User Account Control - that was new to me. Let's face it, as a Security MVP, I hear a lot of complaints about UAC - not least from my wife, who isn't happy with the idea that she can be logged on as an administrator, but she isn't really an administrator...

Posted to Tales from the Crypto (Weblog) by Alun Jones on 04-24-2008
Filed under: General Security, Things I Learned At Microsoft, Windows Vista, What my wife knows, Windows Server 2008

Waiting for Vista SP1?

In a previous article, I wrote about how to sound stupid by saying " let's wait for Service Pack 1 before we deploy Windows Vista ". Now here are a few ways to sound clever, by pointing to specific issues that will be fixed by Windows Vista SP1 . GPMC.MSC (the Group Policy Management Console...

Posted to Tales from the Crypto (Weblog) by Alun Jones on 01-17-2008
Filed under: Things I Learned At Microsoft, Miscellany - not security, Windows Vista

Why you don't run as root

[... or administrator, or whatever] I like Roger Grimes, he's a nice guy, and he generally makes me think about what he has to say. That's a good thing, because otherwise he'd either be part of the same choir as me, or he'd be the sort of guy whose ideas I dismiss with a wave of the paw...

Posted to Tales from the Crypto (Weblog) by Alun Jones on 01-11-2008
Filed under: General Security, Things I Learned At Microsoft, Windows Vista, What my wife knows, Windows Server 2008, UAC

Let's just wait for Service Pack 1

Every so often, I'll hear it said, and frequently not in jest, "let's wait until Service Pack 1 before we deploy Vista", or sometimes "Server 2008". While it's true that Microsoft has indeed announced plans to test, and then release, Windows Vista SP1 early in 2008 , I...

Posted to Tales from the Crypto (Weblog) by Alun Jones on 08-30-2007
Filed under: Things I Learned At Microsoft, Miscellany - not security, Windows Vista

Microsoft's man in Europe thinks Bitlocker is something it isn't

I've discussed this before - Bitlocker in Vista, by default, only offers to encrypt your laptop using a key it gets from the onboard TPM chip. This means that you can boot the laptop to a logon screen, and try to attack the system not only through the logon password, but also through all of the data...

Posted to Tales from the Crypto (Weblog) by Alun Jones on 10-10-2006
Filed under: General Security, Things I Learned At Microsoft, Windows Vista

McAfee wants to modify your kernel

Much press has been made lately about the complaints by McAfee and Symantec that they have been locked out of modifying the Windows Vista x64 kernel through the closure of undocumented back-doors that they used to use. (Sadly, none of what either company has said seems to carry any technical explanation...

Posted to Tales from the Crypto (Weblog) by Alun Jones on 10-05-2006
Filed under: General Security, Programmer Hubris, Things I Learned At Microsoft, Windows Vista

Is BitLocker Misdirected?

As blogged recently by the Bitlocker crew , the behaviour of BitLocker in Windows Vista RC1 has been changed - there were originally three methods of providing the regular unlock key to Bitlocker, and this has been reduced to one without some irritating Group Policy mularkey. The key method that is left...

Posted to Tales from the Crypto (Weblog) by Alun Jones on 09-26-2006
Filed under: General Security, Things I Learned At Microsoft, Windows Vista